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REMARKS 

Claims 1-17 are pending in the present application and all stand rejected as being obvious 
under 35 U.S.C. § 103(a). In particular. Claims 1, 2 and 7-14 are rejected as being obvious over 
U.S. Patent No. 6,367,009 to Mark C. Davis, et al. in view of U.S. Patent No. 6,178,505 to David 
S. Schneider, et al. In addition. Claims 4-6, 16 and 17 are rejected as being obvious over the 
Davis '009 patent in viev^r of the Schneider '505 patent and in fiirther view of U.S. Patent No. 
6,240,091 to Philip Ginzboorg, et al. Further, Claims 3 and 1 5 are rejected as being obvious over 
the Davis '009 patent in view of the Schneider '505 patent and in further view of U.S. Patent No. 
5,774,552 to Francine G. Grimmer. As described below, each independent claim, namely, 
independent Claims 1, 8 and 13, has been amended to ftirther patentably distinguish the claimed 
invention from the cited references, taken either individually or in any proper combination. 
Based on the foregoing amendments and the foUowing remarks, reconsideration of the present 
application and allowance of the pending claims are respectfully requested. 

All of the rejections are premised upon a combination of the Davis '009 patent and the 
Schneider '505 patent. As described below, these references cannot properly be combined and 
the rejections are therefore initially traversed on this basis. In particular, in order to properly 
combine references, a teaching or motivation to combine the references is essential. /« re Fine, 
337 F.2d 1071 , 1075 (Fed. Cir. 1988). In fact, the Court of Appeals for the Federal Circuit has 
stated that, "[c]ombining prior art references without evidence of such a suggestion, teaching, or 
motivation simply takes the inventor's disclosure as a blueprint for piecing together the prior art 
to defeat patentability - the essence of hindsight." In re Dembiczak, 175 F.3d 994 (Fed. Cir. 
1999). Altiiough ttie evidence of a suggestion, teaching, or motivation to combine the references 
commonly comes from the prior art references themselves, the suggestion, teaching, or 
motivation can come from the knowledge of one of ordinary skill in the art or the nature of the 
problem to be solved. Id. In any event, the showing must be clear and particular and "[b]road 
conclusory statements regarding the teaching effect of multiple references, standing alone, are 
not 'evidence'." /rf. 

In this instance, the Davis '009 patent describes a computer architecture in which a client 
communicates with a middle tier server (MTS) which, in turn, accesses an application on an end 
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tier server (ETS). To provide security, a first secure sockets layer (SSL) connection is 
estabUshed between the client and the MTS, while a second SSL connection is estabUshed 
between the MTS and the ETS. In establishing the second SSL connection, the ETS is provided 
with a delegate cerHficate that includes the name of the client as the subject. As described in 
column 13, lines 35-42 of the Davis '009 patent, the ETS can utilize the name of the cUent in 
order to control access to the desired application by comparing the name of the client to a Ust of 
authorized users and allowing access if the name of the cUent is included in the list of authorized 
users and denying access otherwise. 

The Official Action recognizes that "Davis does not disclose pennitting the user access to 
a portion of a computer site and restricting the user from at least one other portion of the 
computer site [as recited by the independent claims]." The Official Action also notes that "Davis 
does not disclose user accounts indicating which portion of the computer site to which the 
corresponding user is permitted access [as also recited by the independent claims]." As such, the 
Official Action combines the Schneider '505 patent with the Davis '009 patent for its disclosure 
of "a database (directory) of user accounts wherein the user is assigned a group and is allowed 
access to data said group is permitted to access." 

The Schneider '505 patent describes a computer network having a number of access 
filters that defme the access rights of the various users. In this regard, each user is defined to be 
the member of one or more groups, e.g., engineers, sales force, etc. The groups, in turn, are 
provided or denied access rights to various information resources. Depending upon a user's 
membership in the various groups, the users are therefore provided or denied access rights to 
different ones of the information resources. 

Although the Official Action indicates that "[i]t would be obvious to one skilled in the art 
to modify the system of Davis with the user account access control of Schneider because ACL's 
[access control lists] do not provide the level of security and flexibiUty that user accounts do", 
AppUcants submit the Davis '009 patent and the Schneider '505 patent cannot properiy be 
combined. In this regard, the Davis *009 patent provides for a user to be granted or denied 
access to a particular application based upon the user's identity and the list of users authorized to 
access the application, thereby providing access control for a given server as opposed to 
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providing a directory with an account for each user as noted in the Response dated April 13, 
2004. As described, the Davis '009 patent does not place the users into groups. Since the Davis 
'009 patent relies upon the user's identity to determine the access rights and does not utilize 
group membership for any reason, it vi^ould be incongruous to combine the Davis '009 patent 
with the Schneider '505 patent which reUes upon group membership as the basis for its access 
control scheme. 

Moreover, while the access control scheme of the Schneider '505 patent may be 
advantageous in some situations for providing a common means of providing access control for 
muhiple applications, the Davis '009 patent is particularly directed to computer architectures in 
which a client is attempting to access a particular application served by a respective ETS. Thus, 
the capability provided by the Schneider '505 patent of providing common access control for 
multiple applications is largely, if not completely, inunaterial relative to the computer 
architecture of the Davis '009 patent in which access is governed, not by a conmion entity, but 
by an individual ETS that is responsible for controlling access for a respective appUcation. 
Additionally, modifying the computer architecture of the Davis '009 patent that is concerned 
with access control for a given server to make use of the group level access control of the 
Schneider '505 patent would require a significant alteration of the computer architecture of the 
Davis '009 patent in a manner that would appear to change the principle of operation of the 
computer architecture which further evidences the impermissibility of such a combination since, 
as stated in MPEP § 2143.01 , "[a] proposed modification cannot change the principle of 
operation of a reference." 

For each of the foregoing reasons. Applicants submit that the Davis '009 patent and the 
Schneider '505 patent cannot properiy be combined. Thus, the rejections of the claims are 
respectfully traversed. 

Even if the references were combined, however, Apphcants submit that the combination 
of the references does not teach or suggest the amended set of claims. In this regard and for sake 
of reference, independent Claim 1 is directed to an access system that includes a certificate 
authentication component to verify a user's' identity from a digital certificate, a directory to 
maintain an account for each user with each account containing an access policy specifying at 
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least one portion of the computer site in which the user is permitted access, and an access control 
system for contiolUng access to a computer site by permitting the user to access a portion of the 
computer site and restricting the user from accessing at least one other portion of the computer 
site based on the access poUcy. Building upon the initial verification of the user's identity by the 
certificate au±entication component, independent Claim 1 has now been amended to clarify that 
the directory maintains an account fnr each individual user, as opposed to a group of users. 
Moreover, independent Claim 1 has been amended to specify that the access control system 
controls the access based on the access polic y associated with the individual user, again as 
opposed to a group. While Claim 1 has been described for purposes of example, independent 
Claims 8 and 13, which are directed to a method and another embodiment of an access system, 

have likewise been amended. 

As noted by the Official Action, the Davis '009 patent fails to teach or suggest the 
claimed invention. In this regard, the Official Action states that "Davis does not disclose 
permitting the user access to a portion of a computer site and restricting the user from at least one 
other portion of the computer site. Davis does not disclose user accounts indicating which 
portion of the computer site to which the corresponding user is permitted access." Even if the 
Schneider '505 patent were combined with the Davis '009 patent, the resulting combination still 
fails to teach or suggest a directory maintaining an account including an access policy for each 
individual user and an access control system for controlling access to a computer site based on 
the access pohcy associated with the individual user in the directory, as now recited by amended 
independent Claim 1 . In this regard, the Schneider '505 patent provides access rights on a 
group-by-group basis and not based on personalized access poUcies for an individual user. Since 
the Schneider '505 patent is cited specifically for its disclosure of a user account for purposes of 
access control, the resulting combination would practice the access control technique of the 
Schneider '505 patent, that being the provision of access rights on a group basis as opposed to an 
individualized basis as set forth by amended independent Claim 1. Thus, even if the Davis '009 
patent and the Schneider '505 patent were combined the resulting combination would fail to 
teach or suggest that the directory maintains an account for each individual user and that the 
access control system controls the access based on the access policy associated with the 
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individual user, as set forth by amended independent Claim 1, since the combination of 
references would, at best, provide access control on a group basis as opposed to the 
individualized basis set forth by the claimed invention. 

Thus, amended independent Claim 1 is not taught or suggested by the Davis '009 patent 
in combination with the Schneider '505 patent. The other independent claims, that is. Claims 8 
and 13. have been similarly amended and include comparable recitations to independent Claim 1 
and are therefore patentably distinct ftom the Davis '009 patent and the Schneider '505 patent 
for at least the same reasons as described above in conjunction with independent Claim 1. The 
tertiary references Ukewise fail to cure the deficiencies of the Davis '009 patent and the 
Schneider '505 patent with the tertiary references only being cited by the Official Action in 
conjunction with features set forth in various dependent claims. 

For each of the foregoing reasons, Applicants submit that the rejections of independent 
Claims 1, 8 and 13 are therefore overcome. Since the dependent claims include each of the 
recitations of a respective independent claim, Applicants submit that the rejections of the 
dependent claims are also overcome for at least the same reasons as described above in 
conjunction with a respective independent claim. 
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CONCLUSION 

In view of the amended claims and remarks presented above, it is respectfully submitted 
that all of the present claims of the present application are in condition for immediate allowance. 
It is therefore respectfully requested that a Notice of Allowance be issued. The Examiner is 
encouraged to contact Applicants' undersigned attorney to resolve any remaining issues in order 
to expedite examination of the present application. 

It is not believed that extensions of time or fees for net addition of claims are required, 
beyond those that may otherwise be provided for in documents accompanying this paper. 
However, in the event that additional extensions of time are necessary to allow consideration of 
this paper, such extensions are hereby petitioned under 37 CFR § 1.136(a). and any fee required 
therefore (including fees for net addition of claims) is hereby authorized to be charged to Deposit 
Account NOi 07-2347. 

Respectfiilly submitted, 
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